Avoid buffer overflow with long filenames in write_auth_file() (!24) · Merge requests · xorg / app / xauth · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

The migration is almost done, at least the rest should happen in the background. There are still a few technical difference between the old cluster and the new ones, and they are summarized in this issue. Please pay attention to the TL:DR at the end of the comment.

Alan Coopersmith requested to merge alanc/xauth:issue-7 into master Jan 27, 2025

Aligns buffer size for filenames with XauLockAuth in libXau

Closes: #7 (closed) ("Buffer overflow when constructing tmp_nam")
Reported-by: Mingjie Shen (@szsam)
Reviewed-by: Olivier Fourdan ofourdan@redhat.com
Signed-off-by: Alan Coopersmith alan.coopersmith@oracle.com

Also includes commits for:

Use remove() instead of unlink() to remove files
get_displayname_auth: replace sprintf() with snprintf()